[Snort-users] More info on "DDOS - TFN client command LE"
dr at ...381...
Mon Sep 16 21:00:02 EDT 2002
On September 17, 2002 03:41 am, Jeff Taylor wrote:
> Can anyone give me more information on this attack, "DDOS - TFN client
> command LE"? It just showed up in my logs from the ISP's router
Tribe Flood Network is a distributed denial of service client.
A single alert is likely just a false from a data packet.
Lots of alerts are worth some investigation. In either case
looking at the offending packet(s) should offer some help.
This client isn't so "fashionable" any more as more sophistcated
tools exist for the same - so I'd guess a false positive.
dr at ...381... pgp: http://dragos.com/kyxpgp
Advance CanSecWest/03 registration available: http://cansecwest.com
"The question of whether computers can think is like the question
of whether submarines can swim." --Edsger Wybe Dijkstra 1930-2002
More information about the Snort-users